&引用;已从服务器返回一个引用";尝试使用Remove ADGroupMember时在powershell中
简介 我有一个脚本,在根域中的用户可以正常工作。基本上,它所做的就是它&引用;已从服务器返回一个引用";尝试使用Remove ADGroupMember时在powershell中,powershell,active-directory,Powershell,Active Directory,简介 我有一个脚本,在根域中的用户可以正常工作。基本上,它所做的就是它 导入用户的csv 抓住了他们的知名度 查看组中的可分辨名称列表中是否存在其可分辨名称 如果其DN确实在组中,请将其从组中删除 问题 $csv = Import-Csv -Path "users.csv" -Header 'Username' $group = 'GroupA' $groupDN = Get-ADgroup 'GroupA'| Select -Property DistinguishedName $inco
$csv = Import-Csv -Path "users.csv" -Header 'Username'
$group = 'GroupA'
$groupDN = Get-ADgroup 'GroupA'| Select -Property DistinguishedName
$incount = 0
$notcount = 0
$members = Get-ADGroupMember $group -Server "domain.com" | Select -Property DistinguishedName
ForEach ($Username in $csv) {
$user = $Username.Username
$user = Get-ADUser $user -Server "child.domain.com" | Select -Property DistinguishedName
if ($members -like $user){
Remove-ADGroupMember $groupDN -Members $user -Confirm:$false -Server 'domain.com'
#Set-ADObject -Identity $groupDN -Remove @{member=$($user)}
write-host "Removed:" $user
$incount++
} Else {$notcount++}
}
Write-host "Task complete"
Write-host "Users removed from" $group ":" $incount
Write-host "Users that were not in" $group ":" $notcount
$prompt = Read-Host -Prompt "Press enter to close"
但是,我在尝试从位于根域的组中删除子域中的用户时遇到问题
错误
Remove-ADGroupMember : A referral was returned from the server
At U:\powershell\AD\Remove_users_from_group.ps1:16 char:9
+ Remove-ADGroupMember $groupDN -Members $user -Confirm:$false ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (CN=GroupA C=Domain,DC=com:ADGroup) [Remove-ADGroupMember], ADRe
ferralException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8235,Microsoft.ActiveDirectory.Management.Commands.RemoveADGroupMember
代码
$csv = Import-Csv -Path "users.csv" -Header 'Username'
$group = 'GroupA'
$groupDN = Get-ADgroup 'GroupA'| Select -Property DistinguishedName
$incount = 0
$notcount = 0
$members = Get-ADGroupMember $group -Server "domain.com" | Select -Property DistinguishedName
ForEach ($Username in $csv) {
$user = $Username.Username
$user = Get-ADUser $user -Server "child.domain.com" | Select -Property DistinguishedName
if ($members -like $user){
Remove-ADGroupMember $groupDN -Members $user -Confirm:$false -Server 'domain.com'
#Set-ADObject -Identity $groupDN -Remove @{member=$($user)}
write-host "Removed:" $user
$incount++
} Else {$notcount++}
}
Write-host "Task complete"
Write-host "Users removed from" $group ":" $incount
Write-host "Users that were not in" $group ":" $notcount
$prompt = Read-Host -Prompt "Press enter to close"
当DC不能做您想做的事情,但它知道您需要找谁来做您需要做的事情时,将返回转介。在这种情况下,这意味着它没有连接到正确的域,但是
Remove-ADGroupMember
无法跟踪引用。由于您没有为删除ADGroupMember
指定-Server
参数,因此它可能连接到您登录的任何域。解决方案就是使用-Server
参数使其与正确的域通信,就像使用Get-ADGroupMember
一样
Remove-ADGroupMember $groupDN -Members $user -Confirm:$false -Server "domain.com"
我发现您的代码还有另一个问题:您正在将
-Recursive
参数与Get-ADGroupMember
一起使用,这意味着它将返回属于组成员的用户,其中该组是$group
的成员。但是,您使用Remove ADGroupMember
将用户从组中删除,就像它是该组的直接成员一样<代码>删除ADGroupMember对于非直接成员的用户将失败。感谢您的回复!我删除了-recursive
并添加了-Server domain.com
,但仍然存在相同的问题。我也尝试了child.domain.com
只是为了好玩,没有改变:c同样的错误。我已经用更改更新了我的帖子您是否会遇到与企业管理员相同的错误?